Are you Cyber Resilient?
Are you sure?
How do you know?
What should you do about it?
Cyber, cyber, cyber… Blah, blah, boring… We all know about it. We have all heard about the risks and the attacks that happen to other businesses and people. We know it’s a threat. You may even have experienced, or know someone who has experienced, some form of attack.
Cyber-attacks are a modern-day plague on society. They impact businesses, people, and us all in one way or another. Frighteningly, they also fund international crime and global terrorism. Cyber-crime causes significant impact and distress to you and others, either knowingly or unknowingly.
The sad thing is that cyber-attacks and criminals are here to stay and can no longer be ignored. Not having been attacked, and being lucky to date, does not mean you will be lucky in the future.
Technology and artificial intelligence continue to evolve at an alarming rate and show no signs of slowing down. This evolution, coupled with the reduction in component prices and the prospect of greater connectivity and data transfer rates promised by 5G technology, will result in more “things” becoming “smart”, digital and automated, and joining the realm of the Internet of Things. Smart things require connectivity to a network to enable them to be controlled remotely by devices. Any network connection presents an access point for a cyber-attack.
Cyber criminals target the weakest prey. They are motivated by two things: money and freedom, aka “not getting caught.” Unless you have something that a cyber-criminal wants at all costs, the harder you are to hack, the more likely they are to go elsewhere. Their business plan is simple: minimum effort for maximum reward from as many people or businesses as possible.
So, at a basic level, simply being harder to hack than the next business and/or person is a sensible approach. But what does hard to hack look like and how do you know how effective it is for your situation?
You may consider that your business is doing all the right things. But are you sure? How do you know? Who is providing your advice? Is your advisor a qualified cyber expert? Or, as is often the case through necessity, are they someone who has been double or triple hatted? Are you tracking up-to-the-minute cyber threats? Do you know what is unfolding this very minute and may be affecting your networks, mobile applications, web portals and collaboration tools?
All too often we hear “yes we have addressed cyber security, we have anti-malware, firewalls, VPNs and have conducted a penetration test 3 years ago and a 45-minute training package.” All of this is positive, but relative to the modern threat it is probably only the absolute minimum level that must be considered, and it most probably will not make you sufficiently hard to hack for a criminal to go elsewhere.
But what is enough? What does good look like?
The best approach to achieving the greatest resilience is a comprehensive approach to all cyber threats, obviously… But what does comprehensive look like in cyber security and who decides?
A comprehensive approach involves appropriately mitigating each type of cyber threat, of which there are many. To make the threats posed by cyber-attack easier to understand and to aid management, the subject has been broken down into several threat areas. The threat areas are presented as a framework that businesses can use to ensure a comprehensive approach.
There are several international organisations across the globe that have established frameworks for managing cyber resilience. These frameworks have evolved over time and in response to emerging threats, market experiences, academia, and industry best practice.
To truly understand your resilience, it is highly advisable to contract the services of a specialist information security company who are experts at gauging the resilience of your business. They will be able to tell you what you are doing well, what needs development and where you are holding significant risk, which may even identify that you are presently in breach of data protection and/or other regulation, or are not fulfilling the terms of your insurance. A good company will then provide you with a roadmap for developing resilience, understanding that this will take time and planning and that not every business has immediate budget available. CSS Platinum can assist with this.
Finally, it is important to understand that this is an ongoing commitment. Just as today’s cyber security framework evolved over time and in response to events, cyber threats continue to evolve, and new threats emerge every hour. The impact of this is that cyber security must become a cultural consideration for businesses and for people in their private lives. Just as one considers the health and resilience of their body to lead a full and fulfilling life, so now must a business or individual give constant consideration to their interaction with the digital and cyber domains.
Cyber security and resilience is now and forevermore a life skill and one that everyone should take some time to learn. As the adage goes, prevention is always better than cure. Act now, rather than experiencing regret later.
Be Disciplined, Be Hard to Hack, Be Safe.
Michael Wills is co-founder and chief data officer for CSS Platinum. For further information on the company and the services it provides to Gibraltar businesses and the international yachting industry, please visit https://cssplatinum.com and/or email firstname.lastname@example.org.